In a previous blog post, I provided "Method of Entry" analysis for a ColdFusion compromise based on sanitized data from a SpiderLabs IR/Forensics team investigation which resulted in the attacker installing a malicious IIS module that captured customer credit card data. In this blog post, we will analyze another ColdFusion compromise that again resulted in customer credit card data being stolen; however, the initial vulnerability and exfiltration methods differed.
Read more: http://blog.spiderlabs.com/2014/03/coldfusion-admin-compromise-analysis-cve-2010-2861.html